Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Thanks guys for the feedback.
I will give MS support a call reguarding Event ID 5000 the symptoms sure
seem to match.
I had also looked at event ID 5000 as a possible problem, I did not persue
it because the previous 3 crashes only showed event ID 8021 and 8032 in
system event log multiple times. The only other possibilty I could think of
but have not been able to confirm is that windows runs utilites on Active
Directory on weekends by default, ( I might be rembering a Netware utility)
and that maybe there may be a problem with one of the indexes causing AD to
crash. I was thinking of running integrity check and maybe a softrepair in
AD restore mode.
--
Thank You
Artie Maas
"Jorge_de_Almeida_Pinto" wrote:
> "" wrote:
> > Hi Artie,
> >
> > You have a more serious problem with your first error. This
> > might be the
> > cause of your crash. There are a no of KB articles about it.
> >
> > LsaSrv Event ID 5000 Error Message: The Security Package
> > Negotiate Generated
> > an Exception
> >
http://support.microsoft.com/?kbid=328948
> >
> > Your Windows 2000 domain controller stops authenticating users
> > and you see
> > LsaSrv event 5000 in Event Viewer
> >
http://support.microsoft.com/?kbid=831726
> >
> > NTLM authentication may stop unexpectedly in Windows 2000
> >
http://support.microsoft.com/?kbid=841037
> >
> > The Lsass.exe process stops responding or uses 100 percent of
> > the CPU
> > resources on a Microsoft Windows 2000-based computer
> >
http://support.microsoft.com/?kbid=896179
> >
> > What is your service pack level of the server? The first KB
> > suggests that
> > the problem was first corrected in SP4. So if you are not at
> > SP4, you are
> > recommended to update to SP4. If you are already at SP4, then
> > you better
> > call MS PSS to ask for a fix according to articles 2,3,4.
> >
> > br,
> > Denis
> >
> > "Artie Maas" <ArtieMaas@discussions.microsoft.com> wrote in
> > message
> > news:B75CC3F6-6CF0-48F7-A8A6-7071D47D8D5C@microsoft.com...
> > > Hi Dennis
> > >
> > > Here are the first log events when system crashed from
> > System and DNS the
> > > other logs showed no problem up to that point logs were
> > clean.
> > >
> > > System log:
> > > Event Type: Error
> > > Event Source: LsaSrv
> > > Event Category: Devices
> > > Event ID: 5000
> > > Date: 6/25/2005
> > > Time: 11:02:07 PM
> > > User: N/A
> > > Computer: SERVER
> > > Description:
> > > The security package Negotiate generated an exception. The
> > package is now
> > > disabled. The exception information is the data.
> > > Data:
> > > 0000: 05 00 00 c0 00 00 00 00 ...À....
> > > 0008: 00 00 00 00 a9 95 f8 77 ....©•øw
> > > 0010: 02 00 00 00 00 00 00 00 ........
> > > 0018: e3 06 90 90 3f 00 01 00 ã.��?...
> > > 0020: 00 00 00 00 00 00 00 00 ........
> > > 0028: 00 00 00 00 00 00 00 00 ........
> > > 0030: 00 00 00 00 00 00 00 00 ........
> > > 0038: 7f 02 ff ff 20 00 ff ff .ÿÿ .ÿÿ
> > > 0040: ff ff ff ff 93 1c 18 70 ÿÿÿÿ“..p
> > > 0048: 1b 00 d9 06 d8 3a 17 70 ..Ù.Ø:.p
> > >
> > >
> > > Event Type: Warning
> > > Event Source: MRxSmb
> > > Event Category: None
> > > Event ID: 3034
> > > Date: 6/25/2005
> > > Time: 11:11:31 PM
> > > User: N/A
> > > Computer: SERVER
> > > Description:
> > > The redirector was unable to initialize security context or
> > query context
> > > attributes.
> > > Data:
> > > 0000: 00 00 08 00 02 00 56 00 ......V.
> > > 0008: 00 00 00 00 da 0b 00 80 ....Ú..€
> > > 0010: 00 00 00 00 fe 00 00 c0 ....þ..À
> > > 0018: 00 00 00 00 00 00 00 00 ........
> > > 0020: 00 00 00 00 00 00 00 00 ........
> > > 0028: 7d 04 00 00 fe 00 00 c0 }...þ..À
> > >
> > >
> > > Event Type: Warning
> > > Event Source: BROWSER
> > > Event Category: None
> > > Event ID: 8021
> > > Date: 6/25/2005
> > > Time: 11:11:31 PM
> > > User: N/A
> > > Computer: SERVER
> > > Description:
> > > The browser was unable to retrieve a list of servers from
> > the browser
> > master
> > > \SERVER2000 on the network
> > > DeviceNetBT_Tcpip_{39EAF80C-E9BF-413E-93E0-909DF2BADA9E}.
> > The data is
> > the
> > > error code.
> > > Data:
> > > 0000: 54 05 00 00 T...
> > >
> > >
> > > Event Type: Error
> > > Event Source: BROWSER
> > > Event Category: None
> > > Event ID: 8032
> > > Date: 6/25/2005
> > > Time: 11:13:31 PM
> > > User: N/A
> > > Computer: SERVER
> > > Description:
> > > The browser service has failed to retrieve the backup list
> > too many times
> > on
> > > transport
> > DeviceNetBT_Tcpip_{39EAF80C-E9BF-413E-93E0-909DF2BADA9E}.
> > The
> > > backup browser is stopping.
> > > Data:
> > > 0000: 54 05 00 00 T...
> > >
> > >
> > > DNS Log
> > >
> > > Event Type: Error
> > > Event Source: DNS
> > > Event Category: None
> > > Event ID: 4016
> > > Date: 6/25/2005
> > > Time: 11:11:49 PM
> > > User: N/A
> > > Computer: SERVER
> > > Description:
> > > The DNS server timed out attempting an Active Directory
> > service operation
> > on
> > >
> > DC=RootDNSServers,cn=MicrosoftDNS,cn=System,DC=MHMS-LAW,DC=com
> > . Check
> > Active
> > > Directory to see that it is functioning properly. The event
> > data contains
> > the
> > > error.
> > > Data:
> > > 0000: 55 00 00 00 U...
> > >
> > > Event Type: Error
> > > Event Source: DNS
> > > Event Category: None
> > > Event ID: 4016
> > > Date: 6/25/2005
> > > Time: 11:17:49 PM
> > > User: N/A
> > > Computer: SERVER
> > > Description:
> > > The DNS server timed out attempting an Active Directory
> > service operation
> > on
> > > ---. Check Active Directory to see that it is functioning
> > properly. The
> > > event data contains the error.
> > > Data:
> > > 0000: 55 00 00 00 U...
> > >
> > > Event Type: Warning
> > > Event Source: DNS
> > > Event Category: None
> > > Event ID: 3000
> > > Date: 6/25/2005
> > > Time: 11:17:49 PM
> > > User: N/A
> > > Computer: SERVER
> > > Description:
> > > The DNS server is logging numerous run-time events. For
> > information about
> > > these events, see previous DNS Server event log entries. To
> > prevent the
> > DNS
> > > Server from clogging server logs, further logging of this
> > event and other
> > > events with higher Event IDs will now be suppressed.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > --
> > > Thank You
> > >
> > > Artie Maas
> > >
> > >
> > > "Denis Wong @ Hong Kong" wrote:
> > >
> > > > Hi Artie,
> > > >
> > > > Pls post the details of the error/crash such as event log
> > info.
> > Otherwise it
> > > > would be difficult to help.
> > > >
> > > > br,
> > > > Denis
> > > >
> > > > "Artie Maas" <ArtieMaas@discussions.microsoft.com> wrote in message
> > > > news:0639E92D-AD0C-481F-A58C-2972E8F0F1E2@microsoft.com...
> > > > > Hello,
> > > > >
> > > > > Hope someone can help. For the last 3 weekends my
> > windows server has
> > > > > crashed useally late Sat night or early Sun Morning. I
> > would find DNS
> > > > errors
> > > > > indicating Active directory was crashed, this Monday I
> > was able to
> > login
> > > > and
> > > > > sure enough active diectory was down, I could not
> > reconnect it to
> > server.
> > > > I
> > > > > needed to reboot, it then crashed 3 more times after 1
> > hour; all
> > errors
> > > > > indicating Active directory was down. I could not log
> > back in and
> > needed
> > > > to
> > > > > do power off restart. After the last reboot just like
> > the previous
> > week
> > > > > everything is fine. There are no backups or utilities
> > running on
> > weekends
> > > > > and my other server is fine other then a few errors
> > caused by the
> > other
> > > > > server crashing.
> > > > > --
> > > > > Thank You
> > > > >
> > > > > Artie Maas
> > > >
> > > >
> > > >
>
> also check:
>
http://www.eventid.net/display.asp?eventid=5000&eventno=1313&source=LsaSrv&phase=1
>
> to see if it helps
>
> Cheers
>
> --
> Posted using the
http://www.windowsforumz.com interface, at author's request
> Articles individually checked for conformance to usenet standards
> Topic URL:
http://www.windowsforumz.com/Active-Directory-Server-Crashes-weekend-ftopict550991.html
> Visit Topic URL to contact author (reg. req'd). Report abuse:
http://www.windowsforumz.com/eform.php?p=1746840
>